pfSense Packages

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

Subcategories

Cache/Proxy

Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

4k Topics

21k Posts

N

Can I use pgblockerng aliases in Haproxy?

80758505-9bad-4dad-a80b-c159be1045a2-image.png

If it was a firewall rule, typing pfb would produce a dropdown to select.

Here it has to be written, but will it work? Is it supported?
IDS/IPS

Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

2k Topics

16k Posts

C

@bmeeks So after upgrading to the newest PfSense 2.8.0 everything is now working like a charm!

Suricata no longer seems to strip off tags like it did before! Which means I can now use my network segmented by VLANs and still use the benefits of Suricata Inline IPS! Very niiize!

I checked in the Alerts section and it is indeed generating the correct alerts from the different VLAN sections, I put Inline IPS on the parent interface of all the VLANs.

I assume this is because the FreeBSD version is also updated with the new PfSense 2.8.0 version?

Because before, as soon as I selected Inline IPS mode, my entire VLAN tagging would break and nothing was reachable until I switched back to Legacy mode.
Traffic Monitoring

Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

571 Topics

3k Posts

K

@pulsartiger
The database name is vnstat.db and its location is under /var/db/vnstat.
With "Backup Files/Dir" we are able to do backup or also with a cron.
pfBlockerNG

Discussions about the pfBlockerNG package

3k Topics

20k Posts

R

@Gertjan
Hello,
Thank you.
I had exactly the same issue, and your solution helped me fix it.

Ask ChatGPT
UPS Tools

Discussions about Network UPS Tools and APCUPSD packages for pfSense

101 Topics

2k Posts

J

@dennypage Here it is, complete (rather long)
[2.8.0-RELEASE][admin@janus.jhmg.pvt]/root: pkg info | grep nut nut-2.8.2 Network UPS Tools pfSense-pkg-nut-2.8.2_5 Network UPS Tools
Here's what Package Manager has:

nut-pkg-manager.png
[2.8.0-RELEASE][admin@janus.jhmg.pvt]/root: usbconfig dump_all_desc ugen0.1: <Intel XHCI root HUB> at usbus0, cfg=0 md=HOST spd=SUPER (5.0Gbps) pwr=SAVE (0mA) bLength = 0x0012 bDescriptorType = 0x0001 bcdUSB = 0x0300 bDeviceClass = 0x0009 <HUB> bDeviceSubClass = 0x0000 bDeviceProtocol = 0x0003 bMaxPacketSize0 = 0x0009 idVendor = 0x0000 idProduct = 0x0000 bcdDevice = 0x0100 iManufacturer = 0x0001 <Intel> iProduct = 0x0002 <XHCI root HUB> iSerialNumber = 0x0000 <no string> bNumConfigurations = 0x0001 Configuration index 0 bLength = 0x0009 bDescriptorType = 0x0002 wTotalLength = 0x001f bNumInterfaces = 0x0001 bConfigurationValue = 0x0001 iConfiguration = 0x0000 <no string> bmAttributes = 0x0040 bMaxPower = 0x0000 Interface 0 bLength = 0x0009 bDescriptorType = 0x0004 bInterfaceNumber = 0x0000 bAlternateSetting = 0x0000 bNumEndpoints = 0x0001 bInterfaceClass = 0x0009 <HUB> bInterfaceSubClass = 0x0000 bInterfaceProtocol = 0x0000 iInterface = 0x0000 <no string> Endpoint 0 bLength = 0x0007 bDescriptorType = 0x0005 bEndpointAddress = 0x0081 <IN> bmAttributes = 0x0003 <INTERRUPT> wMaxPacketSize = 0x0002 bInterval = 0x00ff bRefresh = 0x0000 bSynchAddress = 0x0000 Additional Descriptor bLength = 0x06 bDescriptorType = 0x30 bDescriptorSubType = 0x00 RAW dump: 0x00 | 0x06, 0x30, 0x00, 0x00, 0x00, 0x00 ugen0.2: <Hub Terminus Technology Inc.> at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (100mA) bLength = 0x0012 bDescriptorType = 0x0001 bcdUSB = 0x0200 bDeviceClass = 0x0009 <HUB> bDeviceSubClass = 0x0000 bDeviceProtocol = 0x0001 bMaxPacketSize0 = 0x0040 idVendor = 0x1a40 idProduct = 0x0101 bcdDevice = 0x0111 iManufacturer = 0x0000 <no string> iProduct = 0x0001 <USB 2.0 Hub> iSerialNumber = 0x0000 <no string> bNumConfigurations = 0x0001 Configuration index 0 bLength = 0x0009 bDescriptorType = 0x0002 wTotalLength = 0x0019 bNumInterfaces = 0x0001 bConfigurationValue = 0x0001 iConfiguration = 0x0000 <no string> bmAttributes = 0x00e0 bMaxPower = 0x0032 Interface 0 bLength = 0x0009 bDescriptorType = 0x0004 bInterfaceNumber = 0x0000 bAlternateSetting = 0x0000 bNumEndpoints = 0x0001 bInterfaceClass = 0x0009 <HUB> bInterfaceSubClass = 0x0000 bInterfaceProtocol = 0x0000 iInterface = 0x0000 <no string> Endpoint 0 bLength = 0x0007 bDescriptorType = 0x0005 bEndpointAddress = 0x0081 <IN> bmAttributes = 0x0003 <INTERRUPT> wMaxPacketSize = 0x0001 bInterval = 0x000c bRefresh = 0x0000 bSynchAddress = 0x0000 ugen0.3: <Dell MS116 Optical Mouse Dell Computer Corp.> at usbus0, cfg=0 md=HOST spd=LOW (1.5Mbps) pwr=ON (100mA) bLength = 0x0012 bDescriptorType = 0x0001 bcdUSB = 0x0200 bDeviceClass = 0x0000 <Probed by interface class> bDeviceSubClass = 0x0000 bDeviceProtocol = 0x0000 bMaxPacketSize0 = 0x0008 idVendor = 0x413c idProduct = 0x301a bcdDevice = 0x0100 iManufacturer = 0x0001 <PixArt> iProduct = 0x0002 <Dell MS116 USB Optical Mouse> iSerialNumber = 0x0000 <no string> bNumConfigurations = 0x0001 Configuration index 0 bLength = 0x0009 bDescriptorType = 0x0002 wTotalLength = 0x0022 bNumInterfaces = 0x0001 bConfigurationValue = 0x0001 iConfiguration = 0x0000 <no string> bmAttributes = 0x00a0 bMaxPower = 0x0032 Interface 0 bLength = 0x0009 bDescriptorType = 0x0004 bInterfaceNumber = 0x0000 bAlternateSetting = 0x0000 bNumEndpoints = 0x0001 bInterfaceClass = 0x0003 <HID device> bInterfaceSubClass = 0x0001 bInterfaceProtocol = 0x0002 iInterface = 0x0000 <no string> Additional Descriptor bLength = 0x09 bDescriptorType = 0x21 bDescriptorSubType = 0x11 RAW dump: 0x00 | 0x09, 0x21, 0x11, 0x01, 0x00, 0x01, 0x22, 0x2e, 0x08 | 0x00 Endpoint 0 bLength = 0x0007 bDescriptorType = 0x0005 bEndpointAddress = 0x0081 <IN> bmAttributes = 0x0003 <INTERRUPT> wMaxPacketSize = 0x0004 bInterval = 0x000a bRefresh = 0x0000 bSynchAddress = 0x0000 ugen0.4: <Multimedia Keyboard Lite-On Technology Corp.> at usbus0, cfg=0 md=HOST spd=LOW (1.5Mbps) pwr=ON (100mA) bLength = 0x0012 bDescriptorType = 0x0001 bcdUSB = 0x0110 bDeviceClass = 0x0000 <Probed by interface class> bDeviceSubClass = 0x0000 bDeviceProtocol = 0x0000 bMaxPacketSize0 = 0x0008 idVendor = 0x04ca idProduct = 0x003a bcdDevice = 0x0115 iManufacturer = 0x0001 <Lite-On Technology Corp.> iProduct = 0x0002 <USB Multimedia Keyboard> iSerialNumber = 0x0000 <no string> bNumConfigurations = 0x0001 Configuration index 0 bLength = 0x0009 bDescriptorType = 0x0002 wTotalLength = 0x003b bNumInterfaces = 0x0002 bConfigurationValue = 0x0001 iConfiguration = 0x0000 <no string> bmAttributes = 0x00a0 bMaxPower = 0x0032 Interface 0 bLength = 0x0009 bDescriptorType = 0x0004 bInterfaceNumber = 0x0000 bAlternateSetting = 0x0000 bNumEndpoints = 0x0001 bInterfaceClass = 0x0003 <HID device> bInterfaceSubClass = 0x0001 bInterfaceProtocol = 0x0001 iInterface = 0x0000 <no string> Additional Descriptor bLength = 0x09 bDescriptorType = 0x21 bDescriptorSubType = 0x10 RAW dump: 0x00 | 0x09, 0x21, 0x10, 0x01, 0x00, 0x01, 0x22, 0x41, 0x08 | 0x00 Endpoint 0 bLength = 0x0007 bDescriptorType = 0x0005 bEndpointAddress = 0x0081 <IN> bmAttributes = 0x0003 <INTERRUPT> wMaxPacketSize = 0x0008 bInterval = 0x000a bRefresh = 0x0000 bSynchAddress = 0x0000 Interface 1 bLength = 0x0009 bDescriptorType = 0x0004 bInterfaceNumber = 0x0001 bAlternateSetting = 0x0000 bNumEndpoints = 0x0001 bInterfaceClass = 0x0003 <HID device> bInterfaceSubClass = 0x0000 bInterfaceProtocol = 0x0000 iInterface = 0x0000 <no string> Additional Descriptor bLength = 0x09 bDescriptorType = 0x21 bDescriptorSubType = 0x10 RAW dump: 0x00 | 0x09, 0x21, 0x10, 0x01, 0x00, 0x01, 0x22, 0x4e, 0x08 | 0x00 Endpoint 0 bLength = 0x0007 bDescriptorType = 0x0005 bEndpointAddress = 0x0082 <IN> bmAttributes = 0x0003 <INTERRUPT> wMaxPacketSize = 0x0008 bInterval = 0x000a bRefresh = 0x0000 bSynchAddress = 0x0000 ugen0.5: <PR1500LCDRT2U UPS Cyber Power System, Inc.> at usbus0, cfg=0 md=HOST spd=FULL (12Mbps) pwr=ON (2mA) bLength = 0x0012 bDescriptorType = 0x0001 bcdUSB = 0x0200 bDeviceClass = 0x0000 <Probed by interface class> bDeviceSubClass = 0x0000 bDeviceProtocol = 0x0000 bMaxPacketSize0 = 0x0040 idVendor = 0x0764 idProduct = 0x0601 bcdDevice = 0x0200 iManufacturer = 0x0003 <CPS> iProduct = 0x0001 <CP1500PFCLCDa> iSerialNumber = 0x0002 <CXXJV2014210> bNumConfigurations = 0x0001 Configuration index 0 bLength = 0x0009 bDescriptorType = 0x0002 wTotalLength = 0x0029 bNumInterfaces = 0x0001 bConfigurationValue = 0x0001 iConfiguration = 0x0000 <no string> bmAttributes = 0x00c0 bMaxPower = 0x0001 Interface 0 bLength = 0x0009 bDescriptorType = 0x0004 bInterfaceNumber = 0x0000 bAlternateSetting = 0x0000 bNumEndpoints = 0x0002 bInterfaceClass = 0x0003 <HID device> bInterfaceSubClass = 0x0000 bInterfaceProtocol = 0x0000 iInterface = 0x0000 <no string> Additional Descriptor bLength = 0x09 bDescriptorType = 0x21 bDescriptorSubType = 0x10 RAW dump: 0x00 | 0x09, 0x21, 0x10, 0x01, 0x21, 0x01, 0x22, 0xd1, 0x08 | 0x02 Endpoint 0 bLength = 0x0007 bDescriptorType = 0x0005 bEndpointAddress = 0x0081 <IN> bmAttributes = 0x0003 <INTERRUPT> wMaxPacketSize = 0x0040 bInterval = 0x000a bRefresh = 0x0000 bSynchAddress = 0x0000 Endpoint 1 bLength = 0x0007 bDescriptorType = 0x0005 bEndpointAddress = 0x0002 <OUT> bmAttributes = 0x0003 <INTERRUPT> wMaxPacketSize = 0x0040 bInterval = 0x0014 bRefresh = 0x0000 bSynchAddress = 0x0000 ugen0.6: <AX201 Bluetooth Intel Corp.> at usbus0, cfg=0 md=HOST spd=FULL (12Mbps) pwr=ON (100mA) bLength = 0x0012 bDescriptorType = 0x0001 bcdUSB = 0x0201 bDeviceClass = 0x00e0 <Wireless controller> bDeviceSubClass = 0x0001 bDeviceProtocol = 0x0001 bMaxPacketSize0 = 0x0040 idVendor = 0x8087 idProduct = 0x0026 bcdDevice = 0x0002 iManufacturer = 0x0000 <no string> iProduct = 0x0000 <no string> iSerialNumber = 0x0000 <no string> bNumConfigurations = 0x0001 Configuration index 0 bLength = 0x0009 bDescriptorType = 0x0002 wTotalLength = 0x00c8 bNumInterfaces = 0x0002 bConfigurationValue = 0x0001 iConfiguration = 0x0000 <no string> bmAttributes = 0x00e0 bMaxPower = 0x0032 Interface 0 bLength = 0x0009 bDescriptorType = 0x0004 bInterfaceNumber = 0x0000 bAlternateSetting = 0x0000 bNumEndpoints = 0x0003 bInterfaceClass = 0x00e0 <Wireless controller> bInterfaceSubClass = 0x0001 bInterfaceProtocol = 0x0001 iInterface = 0x0000 <no string> Endpoint 0 bLength = 0x0007 bDescriptorType = 0x0005 bEndpointAddress = 0x0081 <IN> bmAttributes = 0x0003 <INTERRUPT> wMaxPacketSize = 0x0040 bInterval = 0x0001 bRefresh = 0x0000 bSynchAddress = 0x0000 Endpoint 1 bLength = 0x0007 bDescriptorType = 0x0005 bEndpointAddress = 0x0002 <OUT> bmAttributes = 0x0002 <BULK> wMaxPacketSize = 0x0040 bInterval = 0x0001 bRefresh = 0x0000 bSynchAddress = 0x0000 Endpoint 2 bLength = 0x0007 bDescriptorType = 0x0005 bEndpointAddress = 0x0082 <IN> bmAttributes = 0x0002 <BULK> wMaxPacketSize = 0x0040 bInterval = 0x0001 bRefresh = 0x0000 bSynchAddress = 0x0000 Interface 1 bLength = 0x0009 bDescriptorType = 0x0004 bInterfaceNumber = 0x0001 bAlternateSetting = 0x0000 bNumEndpoints = 0x0002 bInterfaceClass = 0x00e0 <Wireless controller> bInterfaceSubClass = 0x0001 bInterfaceProtocol = 0x0001 iInterface = 0x0000 <no string> Endpoint 0 bLength = 0x0007 bDescriptorType = 0x0005 bEndpointAddress = 0x0003 <OUT> bmAttributes = 0x0001 <ISOCHRONOUS> wMaxPacketSize = 0x0000 bInterval = 0x0001 bRefresh = 0x0000 bSynchAddress = 0x0000 Endpoint 1 bLength = 0x0007 bDescriptorType = 0x0005 bEndpointAddress = 0x0083 <IN> bmAttributes = 0x0001 <ISOCHRONOUS> wMaxPacketSize = 0x0000 bInterval = 0x0001 bRefresh = 0x0000 bSynchAddress = 0x0000 Interface 1 Alt 1 bLength = 0x0009 bDescriptorType = 0x0004 bInterfaceNumber = 0x0001 bAlternateSetting = 0x0001 bNumEndpoints = 0x0002 bInterfaceClass = 0x00e0 <Wireless controller> bInterfaceSubClass = 0x0001 bInterfaceProtocol = 0x0001 iInterface = 0x0000 <no string> Endpoint 0 bLength = 0x0007 bDescriptorType = 0x0005 bEndpointAddress = 0x0003 <OUT> bmAttributes = 0x0001 <ISOCHRONOUS> wMaxPacketSize = 0x0009 bInterval = 0x0001 bRefresh = 0x0000 bSynchAddress = 0x0000 Endpoint 1 bLength = 0x0007 bDescriptorType = 0x0005 bEndpointAddress = 0x0083 <IN> bmAttributes = 0x0001 <ISOCHRONOUS> wMaxPacketSize = 0x0009 bInterval = 0x0001 bRefresh = 0x0000 bSynchAddress = 0x0000 Interface 1 Alt 2 bLength = 0x0009 bDescriptorType = 0x0004 bInterfaceNumber = 0x0001 bAlternateSetting = 0x0002 bNumEndpoints = 0x0002 bInterfaceClass = 0x00e0 <Wireless controller> bInterfaceSubClass = 0x0001 bInterfaceProtocol = 0x0001 iInterface = 0x0000 <no string> Endpoint 0 bLength = 0x0007 bDescriptorType = 0x0005 bEndpointAddress = 0x0003 <OUT> bmAttributes = 0x0001 <ISOCHRONOUS> wMaxPacketSize = 0x0011 bInterval = 0x0001 bRefresh = 0x0000 bSynchAddress = 0x0000 Endpoint 1 bLength = 0x0007 bDescriptorType = 0x0005 bEndpointAddress = 0x0083 <IN> bmAttributes = 0x0001 <ISOCHRONOUS> wMaxPacketSize = 0x0011 bInterval = 0x0001 bRefresh = 0x0000 bSynchAddress = 0x0000 Interface 1 Alt 3 bLength = 0x0009 bDescriptorType = 0x0004 bInterfaceNumber = 0x0001 bAlternateSetting = 0x0003 bNumEndpoints = 0x0002 bInterfaceClass = 0x00e0 <Wireless controller> bInterfaceSubClass = 0x0001 bInterfaceProtocol = 0x0001 iInterface = 0x0000 <no string> Endpoint 0 bLength = 0x0007 bDescriptorType = 0x0005 bEndpointAddress = 0x0003 <OUT> bmAttributes = 0x0001 <ISOCHRONOUS> wMaxPacketSize = 0x0019 bInterval = 0x0001 bRefresh = 0x0000 bSynchAddress = 0x0000 Endpoint 1 bLength = 0x0007 bDescriptorType = 0x0005 bEndpointAddress = 0x0083 <IN> bmAttributes = 0x0001 <ISOCHRONOUS> wMaxPacketSize = 0x0019 bInterval = 0x0001 bRefresh = 0x0000 bSynchAddress = 0x0000 Interface 1 Alt 4 bLength = 0x0009 bDescriptorType = 0x0004 bInterfaceNumber = 0x0001 bAlternateSetting = 0x0004 bNumEndpoints = 0x0002 bInterfaceClass = 0x00e0 <Wireless controller> bInterfaceSubClass = 0x0001 bInterfaceProtocol = 0x0001 iInterface = 0x0000 <no string> Endpoint 0 bLength = 0x0007 bDescriptorType = 0x0005 bEndpointAddress = 0x0003 <OUT> bmAttributes = 0x0001 <ISOCHRONOUS> wMaxPacketSize = 0x0021 bInterval = 0x0001 bRefresh = 0x0000 bSynchAddress = 0x0000 Endpoint 1 bLength = 0x0007 bDescriptorType = 0x0005 bEndpointAddress = 0x0083 <IN> bmAttributes = 0x0001 <ISOCHRONOUS> wMaxPacketSize = 0x0021 bInterval = 0x0001 bRefresh = 0x0000 bSynchAddress = 0x0000 Interface 1 Alt 5 bLength = 0x0009 bDescriptorType = 0x0004 bInterfaceNumber = 0x0001 bAlternateSetting = 0x0005 bNumEndpoints = 0x0002 bInterfaceClass = 0x00e0 <Wireless controller> bInterfaceSubClass = 0x0001 bInterfaceProtocol = 0x0001 iInterface = 0x0000 <no string> Endpoint 0 bLength = 0x0007 bDescriptorType = 0x0005 bEndpointAddress = 0x0003 <OUT> bmAttributes = 0x0001 <ISOCHRONOUS> wMaxPacketSize = 0x0031 bInterval = 0x0001 bRefresh = 0x0000 bSynchAddress = 0x0000 Endpoint 1 bLength = 0x0007 bDescriptorType = 0x0005 bEndpointAddress = 0x0083 <IN> bmAttributes = 0x0001 <ISOCHRONOUS> wMaxPacketSize = 0x0031 bInterval = 0x0001 bRefresh = 0x0000 bSynchAddress = 0x0000 Interface 1 Alt 6 bLength = 0x0009 bDescriptorType = 0x0004 bInterfaceNumber = 0x0001 bAlternateSetting = 0x0006 bNumEndpoints = 0x0002 bInterfaceClass = 0x00e0 <Wireless controller> bInterfaceSubClass = 0x0001 bInterfaceProtocol = 0x0001 iInterface = 0x0000 <no string> Endpoint 0 bLength = 0x0007 bDescriptorType = 0x0005 bEndpointAddress = 0x0003 <OUT> bmAttributes = 0x0001 <ISOCHRONOUS> wMaxPacketSize = 0x003f bInterval = 0x0001 bRefresh = 0x0000 bSynchAddress = 0x0000 Endpoint 1 bLength = 0x0007 bDescriptorType = 0x0005 bEndpointAddress = 0x0083 <IN> bmAttributes = 0x0001 <ISOCHRONOUS> wMaxPacketSize = 0x003f bInterval = 0x0001 bRefresh = 0x0000 bSynchAddress = 0x0000
ACME

Discussions about the ACME / Let’s Encrypt package for pfSense

493 Topics

3k Posts

G

@EChondo

What's your pfSense version ?
The instructions are shown here :

1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png

A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate.

@EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy:

I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess.

No need to wait x days.
You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.
FRR

Discussions about the FRR Dynamic Routing package on pfSense

294 Topics

1k Posts

R

I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.
Tailscale

Discussions about the Tailscale package

89 Topics

574 Posts

A

Hello,
I am unable to get the Tailscale package to work. The page at VPN > Tailscale > Authentication is stuck. It displays the error "Tailscale is not online," but also shows a "Logout and Clean" button, with no option to log in.
link text

This state persists even after performing the following troubleshooting steps:

Rebooting the pfSense router.

Completely uninstalling and reinstalling the Tailscale package multiple times.

Clearing browser cache and using a private browser window.

Toggling the main "Enable Tailscale" checkbox in the settings.

Checking the logs, which show the service gets a "terminate" signal and shuts down cleanly; it does not crash.

Manually trying to delete the state file with rm /var/db/tailscale/tailscaled.state, which failed because the file does not exist.

It appears that the package's configuration is corrupted in a way that persists even after reinstallation. Can anyone advise on how to perform a complete manual cleanup of all Tailscale files and settings?
WireGuard

Discussions about WireGuard

690 Topics

4k Posts

J

I've read through some other posts about this, but they either didn't say whether the proposed solution worked or they were very convoluted and difficult to understand. Here is our scenario: We have 6 locations--Las Cruces (LC), Sunland Park (SP), El Paso (EP), Abilene (ABI), Fort Worth (FW), and Plano (PL). LC and ABI have software that is accessed by the other 4 locations via VPN. There are WireGuard VPNs set up between LC and those 4 locations (SP, EP, FW, PL), and ABI and those 4 locations (SP, EP, FW, PL). There is also a WireGuard VPN connection between LC and ABI. LC and ABI have 2 internet connections. SP, EP, FW, and PL each have one internet connection.

If the primary internet connection goes down at either LC or ABI and failover occurs to the secondary internet connection, is there a way to set up the WireGuard VPN connections so that they also failover without purchasing some 3rd party application?

Thanks.

H

XML Extension not found *error*

Watching Ignoring Scheduled Pinned Locked Moved
1

0 Votes

1 Posts

1k Views

No one has replied
D

Snort alert not reproducable

Watching Ignoring Scheduled Pinned Locked Moved
7

0 Votes

7 Posts

4k Views

B

@digidax:

So, after sniffing with tcpdump I can reproduce the problem now:
There is a bug in the IMAP preprocessor during handling TLS communication:
http://seclists.org/snort/2013/q3/453
Is there a bug tracker where I can see the status of this reported bug?

I my case, User 1 has a bad DSL-Line. If during the TLS session snort gets a hiccup, the mail server gets a broken TLS login and so it's close the session.

Until this bug is not fixed, there are two ways: disable the IMAP preprocessor OR switch of TLS for IMAP auth.

best regards
Frank

I have a new Snort package based on the 2.9.5.5 binary that is being reviewed by the pfSense Core Team now. Hopefully they approve and merge it soon. I believe some TLS fixes are in the new binary.

Bill
S

Squid 3.3.10 upgrade stuck on Creating squid cache pools… One moment please...

Watching Ignoring Scheduled Pinned Locked Moved
7

0 Votes

7 Posts

3k Views

S

Thanks
It's working now

Remove
then install
then reboot
P

Captive Portal/FreeRADIUS/WPA Enterprise/Segmenting Users

Watching Ignoring Scheduled Pinned Locked Moved
11

0 Votes

11 Posts

3k Views

N

@thermo:

ssh into your pfsense & into the shell.
killall radiusd /usr/local/sbin/radiusd -X
and watch the output.

No need to kill the process just stop it on GUI.
radiusd -X will run freeradius in debug mode and tells you everything.

In freeradius GUI you can enable the logging of good and bad authentications - passwords and usernames will be shown in pfsense syslog.

Further make sure that the switches and WLAN AP have the same shared secret as in freeradius NAS/Clients.

Make sure that your switches and APs send its correct NAS-IP to freeradizs and configured in Users.

Freeradius - View config could help you to find out if your Users file looks correct and represets all your paramwters.

The order in the users file is important. So if there is one user added twice the first match will win.
S

Haproxy-1.4.24 installation/re-installation hangs

Watching Ignoring Scheduled Pinned Locked Moved
3

0 Votes

3 Posts

1k Views

M

I've updated haproxy-full package to 1.1.

It's working fine on 2.0.3 and 2.1 as well.
R

Package vhosts: allow Regex

Watching Ignoring Scheduled Pinned Locked Moved
1

0 Votes

1 Posts

1k Views

No one has replied
B

Snort 2.9.4.6 pkg v2.6.1

Watching Ignoring Scheduled Pinned Locked Moved
59

0 Votes

59 Posts

16k Views

S

Use the suppress icon to filter away blocks because of that SID.
D

Different SquidGuard setting for each Ip/User

Watching Ignoring Scheduled Pinned Locked Moved
2

0 Votes

2 Posts

962 Views

M

of course it is possible, in squidguard using group acl feature you can create different user profiles by source or captiveportal usernames(squid3-dev required) with different filtering options
R

BUG: As feared… New Unbound version 1.4.21_1, new bugs for free ...

Watching Ignoring Scheduled Pinned Locked Moved
1

0 Votes

1 Posts

1k Views

No one has replied
T

Squid exited due to signal 6 (NOOB QUSTION)

Watching Ignoring Scheduled Pinned Locked Moved
4

0 Votes

4 Posts

17k Views

N

Hi,

you could try this:
http://wiki.squid-cache.org/SquidFaq/ClearingTheCache

Pruning the Cache Down
and
Changing the Cache Levels

Perhaps downsizing the HDD cache could solve the problem. But you changed the path and if it works it will be ok :)
S

How to update Sarg package without losing my existing setting?

Watching Ignoring Scheduled Pinned Locked Moved
5

0 Votes

5 Posts

2k Views

S

Thank You for your help :)
E

HAVP config

Watching Ignoring Scheduled Pinned Locked Moved
2

0 Votes

2 Posts

1k Views

E

I have a workaround which involves modifying havp.inc - I know it will get overwritten when I reinstall HAVP package. I wasn't able to get internal and NAT rules to work so I modified the rule / filter using supernetting so it will not redirect to HAVP if destination IP falls within the IP range.

If anyone has gotten internal and NAT rules to work, please let me know.
M

Lightsquid - Error (1): Cannot get data. Server answered: HTTP/1.0 403 Forbidden

Watching Ignoring Scheduled Pinned Locked Moved
8

0 Votes

8 Posts

17k Views

B

hi..
i followed it and its working fine at squid 3.3.5

http://forum.pfsense.org/index.php?topic=65102.0
X

Cron 0.1.8 wont run reboot command

Watching Ignoring Scheduled Pinned Locked Moved
12

0 Votes

12 Posts

4k Views

X

i reinstalled the cron package, it was the latest one though, and the error disappeared, use the below works for me so will stick with it

command = /etc/rc.reboot (works in both crons)
J

Ntop warning: Max num TCP sessions, setting seems to have no effect

Watching Ignoring Scheduled Pinned Locked Moved
2

0 Votes

2 Posts

2k Views

J

Looks like this setting will always be ignored: https://github.com/pfsense/pfsense-packages/blob/4e3879cf61b174570a0a27ab84fd32040e044222/config/ntop2/ntop.xml
?

Snort blocking

Watching Ignoring Scheduled Pinned Locked Moved
3

0 Votes

3 Posts

1k Views

B

@Amirkabir:

Hi
I want to know how pfsense snort package block attacking hosts. Is there a plugin like snortsam in snort package?

Snort on pfSense makes use of an old third-party open-source plugin called Spoink. This is compiled into the Snort binary on pfSense as an output plugin. It sees all of the alerts and examines the IP addresses and compares them to an internal whitelist table. Any IP address not matching up with a whitelist entry is then "blocked". This blocking is done by calling the BSD pf (packet filter) API to insert the offending IP address into a block table called snort2c. Currently snortsam is not used.

Bill
L

Squid reverse - redirects?

Watching Ignoring Scheduled Pinned Locked Moved
11

0 Votes

11 Posts

17k Views

P

I was working on this exact problem with preserving the URI during redirect and had stumbled upon this thread. I thought I would share the solution to help others who may be in the same boat. Squid 3.2 required.

pfsense 2.0-RELEASE (i386)
squid3-dev 3.3.8 pkg 2.2

Use '^/.*$' in the Path regex field to match on domain + whatever.

http://wiki.squid-cache.org/Features/CustomErrors#deny_info_URL_codes_for_embedding

Simply add %R to the 'URL to redirect to' field so it looks like this: 'https://pfsense.org%R' In this case, http://pfsense.org/mysuperpage.php redirects to https://pfsense.org/mysuperpage.php
S

How run pftop on VLAN Interfaces

Watching Ignoring Scheduled Pinned Locked Moved
2

0 Votes

2 Posts

837 Views

J

pftop -i (real name of the interface)

e.g.
pftop -i em1_vlan22
Seems to work for me.
S

Block file sharing inside the LAN

Watching Ignoring Scheduled Pinned Locked Moved
3

0 Votes

3 Posts

2k Views

O

marcelloc is right, a Firwall or Gateway can't filter LAN to LAN because it is normally Layer3 device.

You should use something like Asymmetric VLAN, so you dont need a lot of subnets to filter. Ceep it simple

Here is something to read:
ftp://ftp.dlink.es/FAQs/TS_AV.pdf
ftp://ftp.dlink.de/anleitungen/Switch/DGS-12xxT_Howto_de_overlapping_vlan_Rev_D.pdf

Edit:
Cisco explains it too
http://www.cisco.com/en/US/docs/switches/connectedgrid/cgs2520/software/release/15_0_2_ed/configuration/guide/cgs_asym-vlan.pdf
L

Squid 3.1.20 pkg 2.0.6 - custom option question

Watching Ignoring Scheduled Pinned Locked Moved
4

0 Votes

4 Posts

1k Views

M

@Legion:

Thanks marcelloc. Doing that at least changed the error message to:

TCP_MISS/503 0 CONNECT some_rfc_1918_address_but_not_in_my_local_net:utorrent's_port - DIRECT/some_rfc_1918_address_but_not_in_my_local_net

Maybe it's something to do with the CONNECT method? Where I'd normally expect the GET method?

This torrent maybe trying to connect via ssl, that's why you only see CONNECT on logs

202 / 464